]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/drivers/driver_wext.c
projects / thirdparty / hostap.git / blob
? search:


b6273e53787b2176ccd1efc42a1f942f8f6e0189
[thirdparty/hostap.git] / src / drivers / driver_wext.c
1 /*
2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21 #include "includes.h"
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
24
25 #include "wireless_copy.h"
26 #include "common.h"
27 #include "driver.h"
28 #include "eloop.h"
29 #include "priv_netlink.h"
30 #include "driver_wext.h"
31 #include "ieee802_11_defs.h"
32 #include "wpa_common.h"
33
34
35 static int wpa_driver_wext_flush_pmkid(void *priv);
36 static int wpa_driver_wext_get_range(void *priv);
37 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
38
39
40 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
41 int linkmode, int operstate)
42 {
43 struct {
44 struct nlmsghdr hdr;
45 struct ifinfomsg ifinfo;
46 char opts[16];
47 } req;
48 struct rtattr *rta;
49 static int nl_seq;
50 ssize_t ret;
51
52 os_memset(&req, 0, sizeof(req));
53
54 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
55 req.hdr.nlmsg_type = RTM_SETLINK;
56 req.hdr.nlmsg_flags = NLM_F_REQUEST;
57 req.hdr.nlmsg_seq = ++nl_seq;
58 req.hdr.nlmsg_pid = 0;
59
60 req.ifinfo.ifi_family = AF_UNSPEC;
61 req.ifinfo.ifi_type = 0;
62 req.ifinfo.ifi_index = drv->ifindex;
63 req.ifinfo.ifi_flags = 0;
64 req.ifinfo.ifi_change = 0;
65
66 if (linkmode != -1) {
67 rta = (struct rtattr *)
68 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
69 rta->rta_type = IFLA_LINKMODE;
70 rta->rta_len = RTA_LENGTH(sizeof(char));
71 *((char *) RTA_DATA(rta)) = linkmode;
72 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
73 RTA_LENGTH(sizeof(char));
74 }
75 if (operstate != -1) {
76 rta = (struct rtattr *)
77 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
78 rta->rta_type = IFLA_OPERSTATE;
79 rta->rta_len = RTA_LENGTH(sizeof(char));
80 *((char *) RTA_DATA(rta)) = operstate;
81 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
82 RTA_LENGTH(sizeof(char));
83 }
84
85 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
86 linkmode, operstate);
87
88 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
89 if (ret < 0) {
90 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
91 "%s (assume operstate is not supported)",
92 strerror(errno));
93 }
94
95 return ret < 0 ? -1 : 0;
96 }
97
98
99 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
100 int idx, u32 value)
101 {
102 struct iwreq iwr;
103 int ret = 0;
104
105 os_memset(&iwr, 0, sizeof(iwr));
106 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
107 iwr.u.param.flags = idx & IW_AUTH_INDEX;
108 iwr.u.param.value = value;
109
110 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
111 if (errno != EOPNOTSUPP) {
112 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
113 "value 0x%x) failed: %s)",
114 idx, value, strerror(errno));
115 }
116 ret = errno == EOPNOTSUPP ? -2 : -1;
117 }
118
119 return ret;
120 }
121
122
123 /**
124 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
125 * @priv: Pointer to private wext data from wpa_driver_wext_init()
126 * @bssid: Buffer for BSSID
127 * Returns: 0 on success, -1 on failure
128 */
129 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
130 {
131 struct wpa_driver_wext_data *drv = priv;
132 struct iwreq iwr;
133 int ret = 0;
134
135 os_memset(&iwr, 0, sizeof(iwr));
136 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
137
138 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
139 perror("ioctl[SIOCGIWAP]");
140 ret = -1;
141 }
142 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
143
144 return ret;
145 }
146
147
148 /**
149 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
150 * @priv: Pointer to private wext data from wpa_driver_wext_init()
151 * @bssid: BSSID
152 * Returns: 0 on success, -1 on failure
153 */
154 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
155 {
156 struct wpa_driver_wext_data *drv = priv;
157 struct iwreq iwr;
158 int ret = 0;
159
160 os_memset(&iwr, 0, sizeof(iwr));
161 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
162 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
163 if (bssid)
164 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
165 else
166 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
167
168 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
169 perror("ioctl[SIOCSIWAP]");
170 ret = -1;
171 }
172
173 return ret;
174 }
175
176
177 /**
178 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
179 * @priv: Pointer to private wext data from wpa_driver_wext_init()
180 * @ssid: Buffer for the SSID; must be at least 32 bytes long
181 * Returns: SSID length on success, -1 on failure
182 */
183 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
184 {
185 struct wpa_driver_wext_data *drv = priv;
186 struct iwreq iwr;
187 int ret = 0;
188
189 os_memset(&iwr, 0, sizeof(iwr));
190 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
191 iwr.u.essid.pointer = (caddr_t) ssid;
192 iwr.u.essid.length = 32;
193
194 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
195 perror("ioctl[SIOCGIWESSID]");
196 ret = -1;
197 } else {
198 ret = iwr.u.essid.length;
199 if (ret > 32)
200 ret = 32;
201 /* Some drivers include nul termination in the SSID, so let's
202 * remove it here before further processing. WE-21 changes this
203 * to explicitly require the length _not_ to include nul
204 * termination. */
205 if (ret > 0 && ssid[ret - 1] == '\0' &&
206 drv->we_version_compiled < 21)
207 ret--;
208 }
209
210 return ret;
211 }
212
213
214 /**
215 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
216 * @priv: Pointer to private wext data from wpa_driver_wext_init()
217 * @ssid: SSID
218 * @ssid_len: Length of SSID (0..32)
219 * Returns: 0 on success, -1 on failure
220 */
221 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
222 {
223 struct wpa_driver_wext_data *drv = priv;
224 struct iwreq iwr;
225 int ret = 0;
226 char buf[33];
227
228 if (ssid_len > 32)
229 return -1;
230
231 os_memset(&iwr, 0, sizeof(iwr));
232 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
233 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
234 iwr.u.essid.flags = (ssid_len != 0);
235 os_memset(buf, 0, sizeof(buf));
236 os_memcpy(buf, ssid, ssid_len);
237 iwr.u.essid.pointer = (caddr_t) buf;
238 if (drv->we_version_compiled < 21) {
239 /* For historic reasons, set SSID length to include one extra
240 * character, C string nul termination, even though SSID is
241 * really an octet string that should not be presented as a C
242 * string. Some Linux drivers decrement the length by one and
243 * can thus end up missing the last octet of the SSID if the
244 * length is not incremented here. WE-21 changes this to
245 * explicitly require the length _not_ to include nul
246 * termination. */
247 if (ssid_len)
248 ssid_len++;
249 }
250 iwr.u.essid.length = ssid_len;
251
252 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
253 perror("ioctl[SIOCSIWESSID]");
254 ret = -1;
255 }
256
257 return ret;
258 }
259
260
261 /**
262 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
263 * @priv: Pointer to private wext data from wpa_driver_wext_init()
264 * @freq: Frequency in MHz
265 * Returns: 0 on success, -1 on failure
266 */
267 int wpa_driver_wext_set_freq(void *priv, int freq)
268 {
269 struct wpa_driver_wext_data *drv = priv;
270 struct iwreq iwr;
271 int ret = 0;
272
273 os_memset(&iwr, 0, sizeof(iwr));
274 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
275 iwr.u.freq.m = freq * 100000;
276 iwr.u.freq.e = 1;
277
278 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
279 perror("ioctl[SIOCSIWFREQ]");
280 ret = -1;
281 }
282
283 return ret;
284 }
285
286
287 static void
288 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
289 {
290 union wpa_event_data data;
291
292 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
293 custom);
294
295 os_memset(&data, 0, sizeof(data));
296 /* Host AP driver */
297 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
298 data.michael_mic_failure.unicast =
299 os_strstr(custom, " unicast ") != NULL;
300 /* TODO: parse parameters(?) */
301 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
302 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
303 char *spos;
304 int bytes;
305
306 spos = custom + 17;
307
308 bytes = strspn(spos, "0123456789abcdefABCDEF");
309 if (!bytes || (bytes & 1))
310 return;
311 bytes /= 2;
312
313 data.assoc_info.req_ies = os_malloc(bytes);
314 if (data.assoc_info.req_ies == NULL)
315 return;
316
317 data.assoc_info.req_ies_len = bytes;
318 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
319
320 spos += bytes * 2;
321
322 data.assoc_info.resp_ies = NULL;
323 data.assoc_info.resp_ies_len = 0;
324
325 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
326 spos += 9;
327
328 bytes = strspn(spos, "0123456789abcdefABCDEF");
329 if (!bytes || (bytes & 1))
330 goto done;
331 bytes /= 2;
332
333 data.assoc_info.resp_ies = os_malloc(bytes);
334 if (data.assoc_info.resp_ies == NULL)
335 goto done;
336
337 data.assoc_info.resp_ies_len = bytes;
338 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
339 }
340
341 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
342
343 done:
344 os_free(data.assoc_info.resp_ies);
345 os_free(data.assoc_info.req_ies);
346 #ifdef CONFIG_PEERKEY
347 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
348 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
349 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
350 "STKSTART.request '%s'", custom + 17);
351 return;
352 }
353 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
354 #endif /* CONFIG_PEERKEY */
355 }
356 }
357
358
359 static int wpa_driver_wext_event_wireless_michaelmicfailure(
360 void *ctx, const char *ev, size_t len)
361 {
362 const struct iw_michaelmicfailure *mic;
363 union wpa_event_data data;
364
365 if (len < sizeof(*mic))
366 return -1;
367
368 mic = (const struct iw_michaelmicfailure *) ev;
369
370 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
371 "flags=0x%x src_addr=" MACSTR, mic->flags,
372 MAC2STR(mic->src_addr.sa_data));
373
374 os_memset(&data, 0, sizeof(data));
375 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
376 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
377
378 return 0;
379 }
380
381
382 static int wpa_driver_wext_event_wireless_pmkidcand(
383 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
384 {
385 const struct iw_pmkid_cand *cand;
386 union wpa_event_data data;
387 const u8 *addr;
388
389 if (len < sizeof(*cand))
390 return -1;
391
392 cand = (const struct iw_pmkid_cand *) ev;
393 addr = (const u8 *) cand->bssid.sa_data;
394
395 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
396 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
397 cand->index, MAC2STR(addr));
398
399 os_memset(&data, 0, sizeof(data));
400 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
401 data.pmkid_candidate.index = cand->index;
402 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
403 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
404
405 return 0;
406 }
407
408
409 static int wpa_driver_wext_event_wireless_assocreqie(
410 struct wpa_driver_wext_data *drv, const char *ev, int len)
411 {
412 if (len < 0)
413 return -1;
414
415 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
416 len);
417 os_free(drv->assoc_req_ies);
418 drv->assoc_req_ies = os_malloc(len);
419 if (drv->assoc_req_ies == NULL) {
420 drv->assoc_req_ies_len = 0;
421 return -1;
422 }
423 os_memcpy(drv->assoc_req_ies, ev, len);
424 drv->assoc_req_ies_len = len;
425
426 return 0;
427 }
428
429
430 static int wpa_driver_wext_event_wireless_assocrespie(
431 struct wpa_driver_wext_data *drv, const char *ev, int len)
432 {
433 if (len < 0)
434 return -1;
435
436 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
437 len);
438 os_free(drv->assoc_resp_ies);
439 drv->assoc_resp_ies = os_malloc(len);
440 if (drv->assoc_resp_ies == NULL) {
441 drv->assoc_resp_ies_len = 0;
442 return -1;
443 }
444 os_memcpy(drv->assoc_resp_ies, ev, len);
445 drv->assoc_resp_ies_len = len;
446
447 return 0;
448 }
449
450
451 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
452 {
453 union wpa_event_data data;
454
455 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
456 return;
457
458 os_memset(&data, 0, sizeof(data));
459 if (drv->assoc_req_ies) {
460 data.assoc_info.req_ies = drv->assoc_req_ies;
461 drv->assoc_req_ies = NULL;
462 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
463 }
464 if (drv->assoc_resp_ies) {
465 data.assoc_info.resp_ies = drv->assoc_resp_ies;
466 drv->assoc_resp_ies = NULL;
467 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
468 }
469
470 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
471
472 os_free(data.assoc_info.req_ies);
473 os_free(data.assoc_info.resp_ies);
474 }
475
476
477 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
478 void *ctx, char *data, int len)
479 {
480 struct iw_event iwe_buf, *iwe = &iwe_buf;
481 char *pos, *end, *custom, *buf;
482
483 pos = data;
484 end = data + len;
485
486 while (pos + IW_EV_LCP_LEN <= end) {
487 /* Event data may be unaligned, so make a local, aligned copy
488 * before processing. */
489 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
490 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
491 iwe->cmd, iwe->len);
492 if (iwe->len <= IW_EV_LCP_LEN)
493 return;
494
495 custom = pos + IW_EV_POINT_LEN;
496 if (drv->we_version_compiled > 18 &&
497 (iwe->cmd == IWEVMICHAELMICFAILURE ||
498 iwe->cmd == IWEVCUSTOM ||
499 iwe->cmd == IWEVASSOCREQIE ||
500 iwe->cmd == IWEVASSOCRESPIE ||
501 iwe->cmd == IWEVPMKIDCAND)) {
502 /* WE-19 removed the pointer from struct iw_point */
503 char *dpos = (char *) &iwe_buf.u.data.length;
504 int dlen = dpos - (char *) &iwe_buf;
505 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
506 sizeof(struct iw_event) - dlen);
507 } else {
508 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
509 custom += IW_EV_POINT_OFF;
510 }
511
512 switch (iwe->cmd) {
513 case SIOCGIWAP:
514 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
515 MACSTR,
516 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
517 if (is_zero_ether_addr(
518 (const u8 *) iwe->u.ap_addr.sa_data) ||
519 os_memcmp(iwe->u.ap_addr.sa_data,
520 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
521 0) {
522 os_free(drv->assoc_req_ies);
523 drv->assoc_req_ies = NULL;
524 os_free(drv->assoc_resp_ies);
525 drv->assoc_resp_ies = NULL;
526 wpa_supplicant_event(ctx, EVENT_DISASSOC,
527 NULL);
528
529 } else {
530 wpa_driver_wext_event_assoc_ies(drv);
531 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
532 }
533 break;
534 case IWEVMICHAELMICFAILURE:
535 if (custom + iwe->u.data.length > end) {
536 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
537 "IWEVMICHAELMICFAILURE length");
538 return;
539 }
540 wpa_driver_wext_event_wireless_michaelmicfailure(
541 ctx, custom, iwe->u.data.length);
542 break;
543 case IWEVCUSTOM:
544 if (custom + iwe->u.data.length > end) {
545 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
546 "IWEVCUSTOM length");
547 return;
548 }
549 buf = os_malloc(iwe->u.data.length + 1);
550 if (buf == NULL)
551 return;
552 os_memcpy(buf, custom, iwe->u.data.length);
553 buf[iwe->u.data.length] = '\0';
554 wpa_driver_wext_event_wireless_custom(ctx, buf);
555 os_free(buf);
556 break;
557 case SIOCGIWSCAN:
558 drv->scan_complete_events = 1;
559 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
560 drv, ctx);
561 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
562 break;
563 case IWEVASSOCREQIE:
564 if (custom + iwe->u.data.length > end) {
565 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
566 "IWEVASSOCREQIE length");
567 return;
568 }
569 wpa_driver_wext_event_wireless_assocreqie(
570 drv, custom, iwe->u.data.length);
571 break;
572 case IWEVASSOCRESPIE:
573 if (custom + iwe->u.data.length > end) {
574 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
575 "IWEVASSOCRESPIE length");
576 return;
577 }
578 wpa_driver_wext_event_wireless_assocrespie(
579 drv, custom, iwe->u.data.length);
580 break;
581 case IWEVPMKIDCAND:
582 if (custom + iwe->u.data.length > end) {
583 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
584 "IWEVPMKIDCAND length");
585 return;
586 }
587 wpa_driver_wext_event_wireless_pmkidcand(
588 drv, custom, iwe->u.data.length);
589 break;
590 }
591
592 pos += iwe->len;
593 }
594 }
595
596
597 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
598 void *ctx, char *buf, size_t len,
599 int del)
600 {
601 union wpa_event_data event;
602
603 os_memset(&event, 0, sizeof(event));
604 if (len > sizeof(event.interface_status.ifname))
605 len = sizeof(event.interface_status.ifname) - 1;
606 os_memcpy(event.interface_status.ifname, buf, len);
607 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
608 EVENT_INTERFACE_ADDED;
609
610 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
611 del ? "DEL" : "NEW",
612 event.interface_status.ifname,
613 del ? "removed" : "added");
614
615 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
616 if (del)
617 drv->if_removed = 1;
618 else
619 drv->if_removed = 0;
620 }
621
622 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
623 }
624
625
626 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
627 struct nlmsghdr *h)
628 {
629 struct ifinfomsg *ifi;
630 int attrlen, nlmsg_len, rta_len;
631 struct rtattr *attr;
632
633 ifi = NLMSG_DATA(h);
634
635 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
636
637 attrlen = h->nlmsg_len - nlmsg_len;
638 if (attrlen < 0)
639 return 0;
640
641 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
642
643 rta_len = RTA_ALIGN(sizeof(struct rtattr));
644 while (RTA_OK(attr, attrlen)) {
645 if (attr->rta_type == IFLA_IFNAME) {
646 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
647 == 0)
648 return 1;
649 else
650 break;
651 }
652 attr = RTA_NEXT(attr, attrlen);
653 }
654
655 return 0;
656 }
657
658
659 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
660 int ifindex, struct nlmsghdr *h)
661 {
662 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
663 return 1;
664
665 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) {
666 drv->ifindex = if_nametoindex(drv->ifname);
667 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
668 "interface");
669 wpa_driver_wext_finish_drv_init(drv);
670 return 1;
671 }
672
673 return 0;
674 }
675
676
677 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
678 void *ctx, struct nlmsghdr *h,
679 size_t len)
680 {
681 struct ifinfomsg *ifi;
682 int attrlen, nlmsg_len, rta_len;
683 struct rtattr * attr;
684
685 if (len < sizeof(*ifi))
686 return;
687
688 ifi = NLMSG_DATA(h);
689
690 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) {
691 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
692 ifi->ifi_index);
693 return;
694 }
695
696 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
697 "(%s%s%s%s)",
698 drv->operstate, ifi->ifi_flags,
699 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
700 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
701 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
702 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
703 /*
704 * Some drivers send the association event before the operup event--in
705 * this case, lifting operstate in wpa_driver_wext_set_operstate()
706 * fails. This will hit us when wpa_supplicant does not need to do
707 * IEEE 802.1X authentication
708 */
709 if (drv->operstate == 1 &&
710 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
711 !(ifi->ifi_flags & IFF_RUNNING))
712 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
713
714 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
715
716 attrlen = h->nlmsg_len - nlmsg_len;
717 if (attrlen < 0)
718 return;
719
720 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
721
722 rta_len = RTA_ALIGN(sizeof(struct rtattr));
723 while (RTA_OK(attr, attrlen)) {
724 if (attr->rta_type == IFLA_WIRELESS) {
725 wpa_driver_wext_event_wireless(
726 drv, ctx, ((char *) attr) + rta_len,
727 attr->rta_len - rta_len);
728 } else if (attr->rta_type == IFLA_IFNAME) {
729 wpa_driver_wext_event_link(drv, ctx,
730 ((char *) attr) + rta_len,
731 attr->rta_len - rta_len, 0);
732 }
733 attr = RTA_NEXT(attr, attrlen);
734 }
735 }
736
737
738 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
739 void *ctx, struct nlmsghdr *h,
740 size_t len)
741 {
742 struct ifinfomsg *ifi;
743 int attrlen, nlmsg_len, rta_len;
744 struct rtattr * attr;
745
746 if (len < sizeof(*ifi))
747 return;
748
749 ifi = NLMSG_DATA(h);
750
751 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
752
753 attrlen = h->nlmsg_len - nlmsg_len;
754 if (attrlen < 0)
755 return;
756
757 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
758
759 rta_len = RTA_ALIGN(sizeof(struct rtattr));
760 while (RTA_OK(attr, attrlen)) {
761 if (attr->rta_type == IFLA_IFNAME) {
762 wpa_driver_wext_event_link(drv, ctx,
763 ((char *) attr) + rta_len,
764 attr->rta_len - rta_len, 1);
765 }
766 attr = RTA_NEXT(attr, attrlen);
767 }
768 }
769
770
771 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
772 void *sock_ctx)
773 {
774 char buf[8192];
775 int left;
776 struct sockaddr_nl from;
777 socklen_t fromlen;
778 struct nlmsghdr *h;
779 int max_events = 10;
780
781 try_again:
782 fromlen = sizeof(from);
783 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
784 (struct sockaddr *) &from, &fromlen);
785 if (left < 0) {
786 if (errno != EINTR && errno != EAGAIN)
787 perror("recvfrom(netlink)");
788 return;
789 }
790
791 h = (struct nlmsghdr *) buf;
792 while (left >= (int) sizeof(*h)) {
793 int len, plen;
794
795 len = h->nlmsg_len;
796 plen = len - sizeof(*h);
797 if (len > left || plen < 0) {
798 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
799 "len=%d left=%d plen=%d",
800 len, left, plen);
801 break;
802 }
803
804 switch (h->nlmsg_type) {
805 case RTM_NEWLINK:
806 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
807 h, plen);
808 break;
809 case RTM_DELLINK:
810 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
811 h, plen);
812 break;
813 }
814
815 len = NLMSG_ALIGN(len);
816 left -= len;
817 h = (struct nlmsghdr *) ((char *) h + len);
818 }
819
820 if (left > 0) {
821 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
822 "message", left);
823 }
824
825 if (--max_events > 0) {
826 /*
827 * Try to receive all events in one eloop call in order to
828 * limit race condition on cases where AssocInfo event, Assoc
829 * event, and EAPOL frames are received more or less at the
830 * same time. We want to process the event messages first
831 * before starting EAPOL processing.
832 */
833 goto try_again;
834 }
835 }
836
837
838 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
839 const char *ifname, int *flags)
840 {
841 struct ifreq ifr;
842
843 os_memset(&ifr, 0, sizeof(ifr));
844 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
845 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
846 perror("ioctl[SIOCGIFFLAGS]");
847 return -1;
848 }
849 *flags = ifr.ifr_flags & 0xffff;
850 return 0;
851 }
852
853
854 /**
855 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
856 * @drv: driver_wext private data
857 * @flags: Pointer to returned flags value
858 * Returns: 0 on success, -1 on failure
859 */
860 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
861 {
862 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
863 }
864
865
866 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
867 const char *ifname, int flags)
868 {
869 struct ifreq ifr;
870
871 os_memset(&ifr, 0, sizeof(ifr));
872 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
873 ifr.ifr_flags = flags & 0xffff;
874 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
875 perror("SIOCSIFFLAGS");
876 return -1;
877 }
878 return 0;
879 }
880
881
882 /**
883 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
884 * @drv: driver_wext private data
885 * @flags: New value for flags
886 * Returns: 0 on success, -1 on failure
887 */
888 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
889 {
890 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
891 }
892
893
894 /**
895 * wpa_driver_wext_init - Initialize WE driver interface
896 * @ctx: context to be used when calling wpa_supplicant functions,
897 * e.g., wpa_supplicant_event()
898 * @ifname: interface name, e.g., wlan0
899 * Returns: Pointer to private data, %NULL on failure
900 */
901 void * wpa_driver_wext_init(void *ctx, const char *ifname)
902 {
903 int s;
904 struct sockaddr_nl local;
905 struct wpa_driver_wext_data *drv;
906
907 drv = os_zalloc(sizeof(*drv));
908 if (drv == NULL)
909 return NULL;
910 drv->ctx = ctx;
911 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
912
913 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
914 if (drv->ioctl_sock < 0) {
915 perror("socket(PF_INET,SOCK_DGRAM)");
916 os_free(drv);
917 return NULL;
918 }
919
920 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
921 if (s < 0) {
922 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
923 close(drv->ioctl_sock);
924 os_free(drv);
925 return NULL;
926 }
927
928 os_memset(&local, 0, sizeof(local));
929 local.nl_family = AF_NETLINK;
930 local.nl_groups = RTMGRP_LINK;
931 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
932 perror("bind(netlink)");
933 close(s);
934 close(drv->ioctl_sock);
935 os_free(drv);
936 return NULL;
937 }
938
939 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
940 drv->event_sock = s;
941
942 drv->mlme_sock = -1;
943
944 wpa_driver_wext_finish_drv_init(drv);
945
946 return drv;
947 }
948
949
950 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
951 {
952 int flags;
953
954 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0)
955 printf("Could not get interface '%s' flags\n", drv->ifname);
956 else if (!(flags & IFF_UP)) {
957 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
958 printf("Could not set interface '%s' UP\n",
959 drv->ifname);
960 } else {
961 /*
962 * Wait some time to allow driver to initialize before
963 * starting configuring the driver. This seems to be
964 * needed at least some drivers that load firmware etc.
965 * when the interface is set up.
966 */
967 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
968 "a second for the driver to complete "
969 "initialization", drv->ifname);
970 sleep(1);
971 }
972 }
973
974 /*
975 * Make sure that the driver does not have any obsolete PMKID entries.
976 */
977 wpa_driver_wext_flush_pmkid(drv);
978
979 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
980 printf("Could not configure driver to use managed mode\n");
981 }
982
983 wpa_driver_wext_get_range(drv);
984
985 drv->ifindex = if_nametoindex(drv->ifname);
986
987 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
988 /*
989 * Host AP driver may use both wlan# and wifi# interface in
990 * wireless events. Since some of the versions included WE-18
991 * support, let's add the alternative ifindex also from
992 * driver_wext.c for the time being. This may be removed at
993 * some point once it is believed that old versions of the
994 * driver are not in use anymore.
995 */
996 char ifname2[IFNAMSIZ + 1];
997 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
998 os_memcpy(ifname2, "wifi", 4);
999 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1000 }
1001
1002 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1003 }
1004
1005
1006 /**
1007 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1008 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1009 *
1010 * Shut down driver interface and processing of driver events. Free
1011 * private data buffer if one was allocated in wpa_driver_wext_init().
1012 */
1013 void wpa_driver_wext_deinit(void *priv)
1014 {
1015 struct wpa_driver_wext_data *drv = priv;
1016 int flags;
1017
1018 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1019
1020 /*
1021 * Clear possibly configured driver parameters in order to make it
1022 * easier to use the driver after wpa_supplicant has been terminated.
1023 */
1024 (void) wpa_driver_wext_set_bssid(drv,
1025 (u8 *) "\x00\x00\x00\x00\x00\x00");
1026
1027 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1028
1029 eloop_unregister_read_sock(drv->event_sock);
1030 if (drv->mlme_sock >= 0)
1031 eloop_unregister_read_sock(drv->mlme_sock);
1032
1033 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1034 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1035
1036 close(drv->event_sock);
1037 close(drv->ioctl_sock);
1038 if (drv->mlme_sock >= 0)
1039 close(drv->mlme_sock);
1040 os_free(drv->assoc_req_ies);
1041 os_free(drv->assoc_resp_ies);
1042 os_free(drv);
1043 }
1044
1045
1046 /**
1047 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1048 * @eloop_ctx: Unused
1049 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1050 *
1051 * This function can be used as registered timeout when starting a scan to
1052 * generate a scan completed event if the driver does not report this.
1053 */
1054 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1055 {
1056 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1057 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1058 }
1059
1060
1061 /**
1062 * wpa_driver_wext_scan - Request the driver to initiate scan
1063 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1064 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1065 * all SSIDs (either active scan with broadcast SSID or passive
1066 * scan
1067 * @ssid_len: Length of the SSID
1068 * Returns: 0 on success, -1 on failure
1069 */
1070 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1071 {
1072 struct wpa_driver_wext_data *drv = priv;
1073 struct iwreq iwr;
1074 int ret = 0, timeout;
1075 struct iw_scan_req req;
1076
1077 if (ssid_len > IW_ESSID_MAX_SIZE) {
1078 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1079 __FUNCTION__, (unsigned long) ssid_len);
1080 return -1;
1081 }
1082
1083 os_memset(&iwr, 0, sizeof(iwr));
1084 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1085
1086 if (ssid && ssid_len) {
1087 os_memset(&req, 0, sizeof(req));
1088 req.essid_len = ssid_len;
1089 req.bssid.sa_family = ARPHRD_ETHER;
1090 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1091 os_memcpy(req.essid, ssid, ssid_len);
1092 iwr.u.data.pointer = (caddr_t) &req;
1093 iwr.u.data.length = sizeof(req);
1094 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1095 }
1096
1097 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1098 perror("ioctl[SIOCSIWSCAN]");
1099 ret = -1;
1100 }
1101
1102 /* Not all drivers generate "scan completed" wireless event, so try to
1103 * read results after a timeout. */
1104 timeout = 5;
1105 if (drv->scan_complete_events) {
1106 /*
1107 * The driver seems to deliver SIOCGIWSCAN events to notify
1108 * when scan is complete, so use longer timeout to avoid race
1109 * conditions with scanning and following association request.
1110 */
1111 timeout = 30;
1112 }
1113 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1114 "seconds", ret, timeout);
1115 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1116 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1117 drv->ctx);
1118
1119 return ret;
1120 }
1121
1122
1123 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1124 size_t *len)
1125 {
1126 struct iwreq iwr;
1127 u8 *res_buf;
1128 size_t res_buf_len;
1129
1130 res_buf_len = IW_SCAN_MAX_DATA;
1131 for (;;) {
1132 res_buf = os_malloc(res_buf_len);
1133 if (res_buf == NULL)
1134 return NULL;
1135 os_memset(&iwr, 0, sizeof(iwr));
1136 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1137 iwr.u.data.pointer = res_buf;
1138 iwr.u.data.length = res_buf_len;
1139
1140 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1141 break;
1142
1143 if (errno == E2BIG && res_buf_len < 100000) {
1144 os_free(res_buf);
1145 res_buf = NULL;
1146 res_buf_len *= 2;
1147 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1148 "trying larger buffer (%lu bytes)",
1149 (unsigned long) res_buf_len);
1150 } else {
1151 perror("ioctl[SIOCGIWSCAN]");
1152 os_free(res_buf);
1153 return NULL;
1154 }
1155 }
1156
1157 if (iwr.u.data.length > res_buf_len) {
1158 os_free(res_buf);
1159 return NULL;
1160 }
1161 *len = iwr.u.data.length;
1162
1163 return res_buf;
1164 }
1165
1166
1167 /*
1168 * Data structure for collecting WEXT scan results. This is needed to allow
1169 * the various methods of reporting IEs to be combined into a single IE buffer.
1170 */
1171 struct wext_scan_data {
1172 struct wpa_scan_res res;
1173 u8 *ie;
1174 size_t ie_len;
1175 u8 ssid[32];
1176 size_t ssid_len;
1177 int maxrate;
1178 };
1179
1180
1181 static void wext_get_scan_mode(struct iw_event *iwe,
1182 struct wext_scan_data *res)
1183 {
1184 if (iwe->u.mode == IW_MODE_ADHOC)
1185 res->res.caps |= IEEE80211_CAP_IBSS;
1186 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1187 res->res.caps |= IEEE80211_CAP_ESS;
1188 }
1189
1190
1191 static void wext_get_scan_ssid(struct iw_event *iwe,
1192 struct wext_scan_data *res, char *custom,
1193 char *end)
1194 {
1195 int ssid_len = iwe->u.essid.length;
1196 if (custom + ssid_len > end)
1197 return;
1198 if (iwe->u.essid.flags &&
1199 ssid_len > 0 &&
1200 ssid_len <= IW_ESSID_MAX_SIZE) {
1201 os_memcpy(res->ssid, custom, ssid_len);
1202 res->ssid_len = ssid_len;
1203 }
1204 }
1205
1206
1207 static void wext_get_scan_freq(struct iw_event *iwe,
1208 struct wext_scan_data *res)
1209 {
1210 int divi = 1000000, i;
1211
1212 if (iwe->u.freq.e == 0) {
1213 /*
1214 * Some drivers do not report frequency, but a channel.
1215 * Try to map this to frequency by assuming they are using
1216 * IEEE 802.11b/g. But don't overwrite a previously parsed
1217 * frequency if the driver sends both frequency and channel,
1218 * since the driver may be sending an A-band channel that we
1219 * don't handle here.
1220 */
1221
1222 if (res->res.freq)
1223 return;
1224
1225 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1226 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1227 return;
1228 } else if (iwe->u.freq.m == 14) {
1229 res->res.freq = 2484;
1230 return;
1231 }
1232 }
1233
1234 if (iwe->u.freq.e > 6) {
1235 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1236 MACSTR " m=%d e=%d)",
1237 MAC2STR(res->res.bssid), iwe->u.freq.m,
1238 iwe->u.freq.e);
1239 return;
1240 }
1241
1242 for (i = 0; i < iwe->u.freq.e; i++)
1243 divi /= 10;
1244 res->res.freq = iwe->u.freq.m / divi;
1245 }
1246
1247
1248 static void wext_get_scan_qual(struct iw_event *iwe,
1249 struct wext_scan_data *res)
1250 {
1251 res->res.qual = iwe->u.qual.qual;
1252 res->res.noise = iwe->u.qual.noise;
1253 res->res.level = iwe->u.qual.level;
1254 }
1255
1256
1257 static void wext_get_scan_encode(struct iw_event *iwe,
1258 struct wext_scan_data *res)
1259 {
1260 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1261 res->res.caps |= IEEE80211_CAP_PRIVACY;
1262 }
1263
1264
1265 static void wext_get_scan_rate(struct iw_event *iwe,
1266 struct wext_scan_data *res, char *pos,
1267 char *end)
1268 {
1269 int maxrate;
1270 char *custom = pos + IW_EV_LCP_LEN;
1271 struct iw_param p;
1272 size_t clen;
1273
1274 clen = iwe->len;
1275 if (custom + clen > end)
1276 return;
1277 maxrate = 0;
1278 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1279 /* Note: may be misaligned, make a local, aligned copy */
1280 os_memcpy(&p, custom, sizeof(struct iw_param));
1281 if (p.value > maxrate)
1282 maxrate = p.value;
1283 clen -= sizeof(struct iw_param);
1284 custom += sizeof(struct iw_param);
1285 }
1286
1287 /* Convert the maxrate from WE-style (b/s units) to
1288 * 802.11 rates (500000 b/s units).
1289 */
1290 res->maxrate = maxrate / 500000;
1291 }
1292
1293
1294 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1295 struct wext_scan_data *res, char *custom,
1296 char *end)
1297 {
1298 char *genie, *gpos, *gend;
1299 u8 *tmp;
1300
1301 if (iwe->u.data.length == 0)
1302 return;
1303
1304 gpos = genie = custom;
1305 gend = genie + iwe->u.data.length;
1306 if (gend > end) {
1307 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1308 return;
1309 }
1310
1311 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1312 if (tmp == NULL)
1313 return;
1314 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1315 res->ie = tmp;
1316 res->ie_len += gend - gpos;
1317 }
1318
1319
1320 static void wext_get_scan_custom(struct iw_event *iwe,
1321 struct wext_scan_data *res, char *custom,
1322 char *end)
1323 {
1324 size_t clen;
1325 u8 *tmp;
1326
1327 clen = iwe->u.data.length;
1328 if (custom + clen > end)
1329 return;
1330
1331 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1332 char *spos;
1333 int bytes;
1334 spos = custom + 7;
1335 bytes = custom + clen - spos;
1336 if (bytes & 1 || bytes == 0)
1337 return;
1338 bytes /= 2;
1339 tmp = os_realloc(res->ie, res->ie_len + bytes);
1340 if (tmp == NULL)
1341 return;
1342 hexstr2bin(spos, tmp + res->ie_len, bytes);
1343 res->ie = tmp;
1344 res->ie_len += bytes;
1345 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1346 char *spos;
1347 int bytes;
1348 spos = custom + 7;
1349 bytes = custom + clen - spos;
1350 if (bytes & 1 || bytes == 0)
1351 return;
1352 bytes /= 2;
1353 tmp = os_realloc(res->ie, res->ie_len + bytes);
1354 if (tmp == NULL)
1355 return;
1356 hexstr2bin(spos, tmp + res->ie_len, bytes);
1357 res->ie = tmp;
1358 res->ie_len += bytes;
1359 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1360 char *spos;
1361 int bytes;
1362 u8 bin[8];
1363 spos = custom + 4;
1364 bytes = custom + clen - spos;
1365 if (bytes != 16) {
1366 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1367 return;
1368 }
1369 bytes /= 2;
1370 hexstr2bin(spos, bin, bytes);
1371 res->res.tsf += WPA_GET_BE64(bin);
1372 }
1373 }
1374
1375
1376 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1377 {
1378 return drv->we_version_compiled > 18 &&
1379 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1380 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1381 }
1382
1383
1384 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1385 struct wext_scan_data *data)
1386 {
1387 struct wpa_scan_res **tmp;
1388 struct wpa_scan_res *r;
1389 size_t extra_len;
1390 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1391
1392 /* Figure out whether we need to fake any IEs */
1393 pos = data->ie;
1394 end = pos + data->ie_len;
1395 while (pos && pos + 1 < end) {
1396 if (pos + 2 + pos[1] > end)
1397 break;
1398 if (pos[0] == WLAN_EID_SSID)
1399 ssid_ie = pos;
1400 else if (pos[0] == WLAN_EID_SUPP_RATES)
1401 rate_ie = pos;
1402 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1403 rate_ie = pos;
1404 pos += 2 + pos[1];
1405 }
1406
1407 extra_len = 0;
1408 if (ssid_ie == NULL)
1409 extra_len += 2 + data->ssid_len;
1410 if (rate_ie == NULL && data->maxrate)
1411 extra_len += 3;
1412
1413 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1414 if (r == NULL)
1415 return;
1416 os_memcpy(r, &data->res, sizeof(*r));
1417 r->ie_len = extra_len + data->ie_len;
1418 pos = (u8 *) (r + 1);
1419 if (ssid_ie == NULL) {
1420 /*
1421 * Generate a fake SSID IE since the driver did not report
1422 * a full IE list.
1423 */
1424 *pos++ = WLAN_EID_SSID;
1425 *pos++ = data->ssid_len;
1426 os_memcpy(pos, data->ssid, data->ssid_len);
1427 pos += data->ssid_len;
1428 }
1429 if (rate_ie == NULL && data->maxrate) {
1430 /*
1431 * Generate a fake Supported Rates IE since the driver did not
1432 * report a full IE list.
1433 */
1434 *pos++ = WLAN_EID_SUPP_RATES;
1435 *pos++ = 1;
1436 *pos++ = data->maxrate;
1437 }
1438 if (data->ie)
1439 os_memcpy(pos, data->ie, data->ie_len);
1440
1441 tmp = os_realloc(res->res,
1442 (res->num + 1) * sizeof(struct wpa_scan_res *));
1443 if (tmp == NULL) {
1444 os_free(r);
1445 return;
1446 }
1447 tmp[res->num++] = r;
1448 res->res = tmp;
1449 }
1450
1451
1452 /**
1453 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1454 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1455 * Returns: Scan results on success, -1 on failure
1456 */
1457 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1458 {
1459 struct wpa_driver_wext_data *drv = priv;
1460 size_t ap_num = 0, len;
1461 int first;
1462 u8 *res_buf;
1463 struct iw_event iwe_buf, *iwe = &iwe_buf;
1464 char *pos, *end, *custom;
1465 struct wpa_scan_results *res;
1466 struct wext_scan_data data;
1467
1468 res_buf = wpa_driver_wext_giwscan(drv, &len);
1469 if (res_buf == NULL)
1470 return NULL;
1471
1472 ap_num = 0;
1473 first = 1;
1474
1475 res = os_zalloc(sizeof(*res));
1476 if (res == NULL) {
1477 os_free(res_buf);
1478 return NULL;
1479 }
1480
1481 pos = (char *) res_buf;
1482 end = (char *) res_buf + len;
1483 os_memset(&data, 0, sizeof(data));
1484
1485 while (pos + IW_EV_LCP_LEN <= end) {
1486 /* Event data may be unaligned, so make a local, aligned copy
1487 * before processing. */
1488 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1489 if (iwe->len <= IW_EV_LCP_LEN)
1490 break;
1491
1492 custom = pos + IW_EV_POINT_LEN;
1493 if (wext_19_iw_point(drv, iwe->cmd)) {
1494 /* WE-19 removed the pointer from struct iw_point */
1495 char *dpos = (char *) &iwe_buf.u.data.length;
1496 int dlen = dpos - (char *) &iwe_buf;
1497 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1498 sizeof(struct iw_event) - dlen);
1499 } else {
1500 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1501 custom += IW_EV_POINT_OFF;
1502 }
1503
1504 switch (iwe->cmd) {
1505 case SIOCGIWAP:
1506 if (!first)
1507 wpa_driver_wext_add_scan_entry(res, &data);
1508 first = 0;
1509 os_free(data.ie);
1510 os_memset(&data, 0, sizeof(data));
1511 os_memcpy(data.res.bssid,
1512 iwe->u.ap_addr.sa_data, ETH_ALEN);
1513 break;
1514 case SIOCGIWMODE:
1515 wext_get_scan_mode(iwe, &data);
1516 break;
1517 case SIOCGIWESSID:
1518 wext_get_scan_ssid(iwe, &data, custom, end);
1519 break;
1520 case SIOCGIWFREQ:
1521 wext_get_scan_freq(iwe, &data);
1522 break;
1523 case IWEVQUAL:
1524 wext_get_scan_qual(iwe, &data);
1525 break;
1526 case SIOCGIWENCODE:
1527 wext_get_scan_encode(iwe, &data);
1528 break;
1529 case SIOCGIWRATE:
1530 wext_get_scan_rate(iwe, &data, pos, end);
1531 break;
1532 case IWEVGENIE:
1533 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1534 break;
1535 case IWEVCUSTOM:
1536 wext_get_scan_custom(iwe, &data, custom, end);
1537 break;
1538 }
1539
1540 pos += iwe->len;
1541 }
1542 os_free(res_buf);
1543 res_buf = NULL;
1544 if (!first)
1545 wpa_driver_wext_add_scan_entry(res, &data);
1546 os_free(data.ie);
1547
1548 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1549 (unsigned long) len, (unsigned long) res->num);
1550
1551 return res;
1552 }
1553
1554
1555 static int wpa_driver_wext_get_range(void *priv)
1556 {
1557 struct wpa_driver_wext_data *drv = priv;
1558 struct iw_range *range;
1559 struct iwreq iwr;
1560 int minlen;
1561 size_t buflen;
1562
1563 /*
1564 * Use larger buffer than struct iw_range in order to allow the
1565 * structure to grow in the future.
1566 */
1567 buflen = sizeof(struct iw_range) + 500;
1568 range = os_zalloc(buflen);
1569 if (range == NULL)
1570 return -1;
1571
1572 os_memset(&iwr, 0, sizeof(iwr));
1573 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1574 iwr.u.data.pointer = (caddr_t) range;
1575 iwr.u.data.length = buflen;
1576
1577 minlen = ((char *) &range->enc_capa) - (char *) range +
1578 sizeof(range->enc_capa);
1579
1580 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1581 perror("ioctl[SIOCGIWRANGE]");
1582 os_free(range);
1583 return -1;
1584 } else if (iwr.u.data.length >= minlen &&
1585 range->we_version_compiled >= 18) {
1586 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1587 "WE(source)=%d enc_capa=0x%x",
1588 range->we_version_compiled,
1589 range->we_version_source,
1590 range->enc_capa);
1591 drv->has_capability = 1;
1592 drv->we_version_compiled = range->we_version_compiled;
1593 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1594 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1595 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1596 }
1597 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1598 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1599 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1600 }
1601 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1602 WPA_DRIVER_CAPA_ENC_WEP104;
1603 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1604 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1605 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1606 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1607 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1608 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1609
1610 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1611 "flags 0x%x",
1612 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1613 } else {
1614 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1615 "assuming WPA is not supported");
1616 }
1617
1618 os_free(range);
1619 return 0;
1620 }
1621
1622
1623 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1624 {
1625 struct wpa_driver_wext_data *drv = priv;
1626 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1627
1628 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1629 enabled);
1630 }
1631
1632
1633 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1634 const u8 *psk)
1635 {
1636 struct iw_encode_ext *ext;
1637 struct iwreq iwr;
1638 int ret;
1639
1640 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1641
1642 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1643 return 0;
1644
1645 if (!psk)
1646 return 0;
1647
1648 os_memset(&iwr, 0, sizeof(iwr));
1649 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1650
1651 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1652 if (ext == NULL)
1653 return -1;
1654
1655 iwr.u.encoding.pointer = (caddr_t) ext;
1656 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1657 ext->key_len = PMK_LEN;
1658 os_memcpy(&ext->key, psk, ext->key_len);
1659 ext->alg = IW_ENCODE_ALG_PMK;
1660
1661 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1662 if (ret < 0)
1663 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1664 os_free(ext);
1665
1666 return ret;
1667 }
1668
1669
1670 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1671 const u8 *addr, int key_idx,
1672 int set_tx, const u8 *seq,
1673 size_t seq_len,
1674 const u8 *key, size_t key_len)
1675 {
1676 struct wpa_driver_wext_data *drv = priv;
1677 struct iwreq iwr;
1678 int ret = 0;
1679 struct iw_encode_ext *ext;
1680
1681 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1682 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1683 __FUNCTION__, (unsigned long) seq_len);
1684 return -1;
1685 }
1686
1687 ext = os_zalloc(sizeof(*ext) + key_len);
1688 if (ext == NULL)
1689 return -1;
1690 os_memset(&iwr, 0, sizeof(iwr));
1691 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1692 iwr.u.encoding.flags = key_idx + 1;
1693 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1694 if (alg == WPA_ALG_NONE)
1695 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1696 iwr.u.encoding.pointer = (caddr_t) ext;
1697 iwr.u.encoding.length = sizeof(*ext) + key_len;
1698
1699 if (addr == NULL ||
1700 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1701 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1702 if (set_tx)
1703 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1704
1705 ext->addr.sa_family = ARPHRD_ETHER;
1706 if (addr)
1707 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1708 else
1709 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1710 if (key && key_len) {
1711 os_memcpy(ext + 1, key, key_len);
1712 ext->key_len = key_len;
1713 }
1714 switch (alg) {
1715 case WPA_ALG_NONE:
1716 ext->alg = IW_ENCODE_ALG_NONE;
1717 break;
1718 case WPA_ALG_WEP:
1719 ext->alg = IW_ENCODE_ALG_WEP;
1720 break;
1721 case WPA_ALG_TKIP:
1722 ext->alg = IW_ENCODE_ALG_TKIP;
1723 break;
1724 case WPA_ALG_CCMP:
1725 ext->alg = IW_ENCODE_ALG_CCMP;
1726 break;
1727 case WPA_ALG_PMK:
1728 ext->alg = IW_ENCODE_ALG_PMK;
1729 break;
1730 #ifdef CONFIG_IEEE80211W
1731 case WPA_ALG_IGTK:
1732 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1733 break;
1734 #endif /* CONFIG_IEEE80211W */
1735 default:
1736 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1737 __FUNCTION__, alg);
1738 os_free(ext);
1739 return -1;
1740 }
1741
1742 if (seq && seq_len) {
1743 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1744 os_memcpy(ext->rx_seq, seq, seq_len);
1745 }
1746
1747 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1748 ret = errno == EOPNOTSUPP ? -2 : -1;
1749 if (errno == ENODEV) {
1750 /*
1751 * ndiswrapper seems to be returning incorrect error
1752 * code.. */
1753 ret = -2;
1754 }
1755
1756 perror("ioctl[SIOCSIWENCODEEXT]");
1757 }
1758
1759 os_free(ext);
1760 return ret;
1761 }
1762
1763
1764 /**
1765 * wpa_driver_wext_set_key - Configure encryption key
1766 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1767 * @priv: Private driver interface data
1768 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1769 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1770 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1771 * broadcast/default keys
1772 * @key_idx: key index (0..3), usually 0 for unicast keys
1773 * @set_tx: Configure this key as the default Tx key (only used when
1774 * driver does not support separate unicast/individual key
1775 * @seq: Sequence number/packet number, seq_len octets, the next
1776 * packet number to be used for in replay protection; configured
1777 * for Rx keys (in most cases, this is only used with broadcast
1778 * keys and set to zero for unicast keys)
1779 * @seq_len: Length of the seq, depends on the algorithm:
1780 * TKIP: 6 octets, CCMP: 6 octets
1781 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1782 * 8-byte Rx Mic Key
1783 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1784 * TKIP: 32, CCMP: 16)
1785 * Returns: 0 on success, -1 on failure
1786 *
1787 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1788 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1789 */
1790 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1791 const u8 *addr, int key_idx,
1792 int set_tx, const u8 *seq, size_t seq_len,
1793 const u8 *key, size_t key_len)
1794 {
1795 struct wpa_driver_wext_data *drv = priv;
1796 struct iwreq iwr;
1797 int ret = 0;
1798
1799 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1800 "key_len=%lu",
1801 __FUNCTION__, alg, key_idx, set_tx,
1802 (unsigned long) seq_len, (unsigned long) key_len);
1803
1804 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1805 seq, seq_len, key, key_len);
1806 if (ret == 0)
1807 return 0;
1808
1809 if (ret == -2 &&
1810 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1811 wpa_printf(MSG_DEBUG, "Driver did not support "
1812 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1813 ret = 0;
1814 } else {
1815 wpa_printf(MSG_DEBUG, "Driver did not support "
1816 "SIOCSIWENCODEEXT");
1817 return ret;
1818 }
1819
1820 os_memset(&iwr, 0, sizeof(iwr));
1821 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1822 iwr.u.encoding.flags = key_idx + 1;
1823 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1824 if (alg == WPA_ALG_NONE)
1825 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1826 iwr.u.encoding.pointer = (caddr_t) key;
1827 iwr.u.encoding.length = key_len;
1828
1829 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1830 perror("ioctl[SIOCSIWENCODE]");
1831 ret = -1;
1832 }
1833
1834 if (set_tx && alg != WPA_ALG_NONE) {
1835 os_memset(&iwr, 0, sizeof(iwr));
1836 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1837 iwr.u.encoding.flags = key_idx + 1;
1838 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1839 iwr.u.encoding.pointer = (caddr_t) NULL;
1840 iwr.u.encoding.length = 0;
1841 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1842 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1843 ret = -1;
1844 }
1845 }
1846
1847 return ret;
1848 }
1849
1850
1851 static int wpa_driver_wext_set_countermeasures(void *priv,
1852 int enabled)
1853 {
1854 struct wpa_driver_wext_data *drv = priv;
1855 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1856 return wpa_driver_wext_set_auth_param(drv,
1857 IW_AUTH_TKIP_COUNTERMEASURES,
1858 enabled);
1859 }
1860
1861
1862 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1863 int enabled)
1864 {
1865 struct wpa_driver_wext_data *drv = priv;
1866 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1867 drv->use_crypt = enabled;
1868 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1869 enabled);
1870 }
1871
1872
1873 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1874 const u8 *addr, int cmd, int reason_code)
1875 {
1876 struct iwreq iwr;
1877 struct iw_mlme mlme;
1878 int ret = 0;
1879
1880 os_memset(&iwr, 0, sizeof(iwr));
1881 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1882 os_memset(&mlme, 0, sizeof(mlme));
1883 mlme.cmd = cmd;
1884 mlme.reason_code = reason_code;
1885 mlme.addr.sa_family = ARPHRD_ETHER;
1886 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1887 iwr.u.data.pointer = (caddr_t) &mlme;
1888 iwr.u.data.length = sizeof(mlme);
1889
1890 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1891 perror("ioctl[SIOCSIWMLME]");
1892 ret = -1;
1893 }
1894
1895 return ret;
1896 }
1897
1898
1899 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1900 int reason_code)
1901 {
1902 struct wpa_driver_wext_data *drv = priv;
1903 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1904 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1905 }
1906
1907
1908 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1909 int reason_code)
1910 {
1911 struct wpa_driver_wext_data *drv = priv;
1912 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1913 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC,
1914 reason_code);
1915 }
1916
1917
1918 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1919 size_t ie_len)
1920 {
1921 struct wpa_driver_wext_data *drv = priv;
1922 struct iwreq iwr;
1923 int ret = 0;
1924
1925 os_memset(&iwr, 0, sizeof(iwr));
1926 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1927 iwr.u.data.pointer = (caddr_t) ie;
1928 iwr.u.data.length = ie_len;
1929
1930 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1931 perror("ioctl[SIOCSIWGENIE]");
1932 ret = -1;
1933 }
1934
1935 return ret;
1936 }
1937
1938
1939 int wpa_driver_wext_cipher2wext(int cipher)
1940 {
1941 switch (cipher) {
1942 case CIPHER_NONE:
1943 return IW_AUTH_CIPHER_NONE;
1944 case CIPHER_WEP40:
1945 return IW_AUTH_CIPHER_WEP40;
1946 case CIPHER_TKIP:
1947 return IW_AUTH_CIPHER_TKIP;
1948 case CIPHER_CCMP:
1949 return IW_AUTH_CIPHER_CCMP;
1950 case CIPHER_WEP104:
1951 return IW_AUTH_CIPHER_WEP104;
1952 default:
1953 return 0;
1954 }
1955 }
1956
1957
1958 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1959 {
1960 switch (keymgmt) {
1961 case KEY_MGMT_802_1X:
1962 case KEY_MGMT_802_1X_NO_WPA:
1963 return IW_AUTH_KEY_MGMT_802_1X;
1964 case KEY_MGMT_PSK:
1965 return IW_AUTH_KEY_MGMT_PSK;
1966 default:
1967 return 0;
1968 }
1969 }
1970
1971
1972 static int
1973 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1974 struct wpa_driver_associate_params *params)
1975 {
1976 struct iwreq iwr;
1977 int ret = 0;
1978
1979 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1980 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1981
1982 os_memset(&iwr, 0, sizeof(iwr));
1983 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1984 /* Just changing mode, not actual keys */
1985 iwr.u.encoding.flags = 0;
1986 iwr.u.encoding.pointer = (caddr_t) NULL;
1987 iwr.u.encoding.length = 0;
1988
1989 /*
1990 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1991 * different things. Here they are used to indicate Open System vs.
1992 * Shared Key authentication algorithm. However, some drivers may use
1993 * them to select between open/restricted WEP encrypted (open = allow
1994 * both unencrypted and encrypted frames; restricted = only allow
1995 * encrypted frames).
1996 */
1997
1998 if (!drv->use_crypt) {
1999 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2000 } else {
2001 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2002 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2003 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2004 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2005 }
2006
2007 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2008 perror("ioctl[SIOCSIWENCODE]");
2009 ret = -1;
2010 }
2011
2012 return ret;
2013 }
2014
2015
2016 int wpa_driver_wext_associate(void *priv,
2017 struct wpa_driver_associate_params *params)
2018 {
2019 struct wpa_driver_wext_data *drv = priv;
2020 int ret = 0;
2021 int allow_unencrypted_eapol;
2022 int value;
2023
2024 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2025
2026 /*
2027 * If the driver did not support SIOCSIWAUTH, fallback to
2028 * SIOCSIWENCODE here.
2029 */
2030 if (drv->auth_alg_fallback &&
2031 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2032 ret = -1;
2033
2034 if (!params->bssid &&
2035 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2036 ret = -1;
2037
2038 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2039 * from configuration, not from here, where only the selected suite is
2040 * available */
2041 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2042 < 0)
2043 ret = -1;
2044 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2045 value = IW_AUTH_WPA_VERSION_DISABLED;
2046 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2047 value = IW_AUTH_WPA_VERSION_WPA2;
2048 else
2049 value = IW_AUTH_WPA_VERSION_WPA;
2050 if (wpa_driver_wext_set_auth_param(drv,
2051 IW_AUTH_WPA_VERSION, value) < 0)
2052 ret = -1;
2053 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2054 if (wpa_driver_wext_set_auth_param(drv,
2055 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2056 ret = -1;
2057 value = wpa_driver_wext_cipher2wext(params->group_suite);
2058 if (wpa_driver_wext_set_auth_param(drv,
2059 IW_AUTH_CIPHER_GROUP, value) < 0)
2060 ret = -1;
2061 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2062 if (wpa_driver_wext_set_auth_param(drv,
2063 IW_AUTH_KEY_MGMT, value) < 0)
2064 ret = -1;
2065 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2066 params->pairwise_suite != CIPHER_NONE ||
2067 params->group_suite != CIPHER_NONE ||
2068 params->wpa_ie_len;
2069 if (wpa_driver_wext_set_auth_param(drv,
2070 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2071 ret = -1;
2072
2073 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2074 * not using WPA. IEEE 802.1X specifies that these frames are not
2075 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2076 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2077 params->key_mgmt_suite == KEY_MGMT_PSK)
2078 allow_unencrypted_eapol = 0;
2079 else
2080 allow_unencrypted_eapol = 1;
2081
2082 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2083 ret = -1;
2084 if (wpa_driver_wext_set_auth_param(drv,
2085 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2086 allow_unencrypted_eapol) < 0)
2087 ret = -1;
2088 #ifdef CONFIG_IEEE80211W
2089 switch (params->mgmt_frame_protection) {
2090 case NO_MGMT_FRAME_PROTECTION:
2091 value = IW_AUTH_MFP_DISABLED;
2092 break;
2093 case MGMT_FRAME_PROTECTION_OPTIONAL:
2094 value = IW_AUTH_MFP_OPTIONAL;
2095 break;
2096 case MGMT_FRAME_PROTECTION_REQUIRED:
2097 value = IW_AUTH_MFP_REQUIRED;
2098 break;
2099 };
2100 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2101 ret = -1;
2102 #endif /* CONFIG_IEEE80211W */
2103 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2104 ret = -1;
2105 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2106 ret = -1;
2107 if (params->bssid &&
2108 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2109 ret = -1;
2110
2111 return ret;
2112 }
2113
2114
2115 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2116 {
2117 struct wpa_driver_wext_data *drv = priv;
2118 int algs = 0, res;
2119
2120 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2121 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2122 if (auth_alg & AUTH_ALG_SHARED_KEY)
2123 algs |= IW_AUTH_ALG_SHARED_KEY;
2124 if (auth_alg & AUTH_ALG_LEAP)
2125 algs |= IW_AUTH_ALG_LEAP;
2126 if (algs == 0) {
2127 /* at least one algorithm should be set */
2128 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2129 }
2130
2131 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2132 algs);
2133 drv->auth_alg_fallback = res == -2;
2134 return res;
2135 }
2136
2137
2138 /**
2139 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2140 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2141 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2142 * Returns: 0 on success, -1 on failure
2143 */
2144 int wpa_driver_wext_set_mode(void *priv, int mode)
2145 {
2146 struct wpa_driver_wext_data *drv = priv;
2147 struct iwreq iwr;
2148 int ret = -1, flags;
2149 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2150
2151 os_memset(&iwr, 0, sizeof(iwr));
2152 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2153 iwr.u.mode = new_mode;
2154 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2155 ret = 0;
2156 goto done;
2157 }
2158
2159 if (errno != EBUSY) {
2160 perror("ioctl[SIOCSIWMODE]");
2161 goto done;
2162 }
2163
2164 /* mac80211 doesn't allow mode changes while the device is up, so if
2165 * the device isn't in the mode we're about to change to, take device
2166 * down, try to set the mode again, and bring it back up.
2167 */
2168 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2169 perror("ioctl[SIOCGIWMODE]");
2170 goto done;
2171 }
2172
2173 if (iwr.u.mode == new_mode) {
2174 ret = 0;
2175 goto done;
2176 }
2177
2178 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2179 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2180
2181 /* Try to set the mode again while the interface is down */
2182 iwr.u.mode = new_mode;
2183 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2184 perror("ioctl[SIOCSIWMODE]");
2185 else
2186 ret = 0;
2187
2188 /* Ignore return value of get_ifflags to ensure that the device
2189 * is always up like it was before this function was called.
2190 */
2191 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2192 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2193 }
2194
2195 done:
2196 return ret;
2197 }
2198
2199
2200 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2201 u32 cmd, const u8 *bssid, const u8 *pmkid)
2202 {
2203 struct iwreq iwr;
2204 struct iw_pmksa pmksa;
2205 int ret = 0;
2206
2207 os_memset(&iwr, 0, sizeof(iwr));
2208 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2209 os_memset(&pmksa, 0, sizeof(pmksa));
2210 pmksa.cmd = cmd;
2211 pmksa.bssid.sa_family = ARPHRD_ETHER;
2212 if (bssid)
2213 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2214 if (pmkid)
2215 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2216 iwr.u.data.pointer = (caddr_t) &pmksa;
2217 iwr.u.data.length = sizeof(pmksa);
2218
2219 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2220 if (errno != EOPNOTSUPP)
2221 perror("ioctl[SIOCSIWPMKSA]");
2222 ret = -1;
2223 }
2224
2225 return ret;
2226 }
2227
2228
2229 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2230 const u8 *pmkid)
2231 {
2232 struct wpa_driver_wext_data *drv = priv;
2233 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2234 }
2235
2236
2237 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2238 const u8 *pmkid)
2239 {
2240 struct wpa_driver_wext_data *drv = priv;
2241 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2242 }
2243
2244
2245 static int wpa_driver_wext_flush_pmkid(void *priv)
2246 {
2247 struct wpa_driver_wext_data *drv = priv;
2248 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2249 }
2250
2251
2252 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2253 {
2254 struct wpa_driver_wext_data *drv = priv;
2255 if (!drv->has_capability)
2256 return -1;
2257 os_memcpy(capa, &drv->capa, sizeof(*capa));
2258 return 0;
2259 }
2260
2261
2262 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2263 const char *ifname)
2264 {
2265 if (ifname == NULL) {
2266 drv->ifindex2 = -1;
2267 return 0;
2268 }
2269
2270 drv->ifindex2 = if_nametoindex(ifname);
2271 if (drv->ifindex2 <= 0)
2272 return -1;
2273
2274 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2275 "wireless events", drv->ifindex2, ifname);
2276
2277 return 0;
2278 }
2279
2280
2281 int wpa_driver_wext_set_operstate(void *priv, int state)
2282 {
2283 struct wpa_driver_wext_data *drv = priv;
2284
2285 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2286 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2287 drv->operstate = state;
2288 return wpa_driver_wext_send_oper_ifla(
2289 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2290 }
2291
2292
2293 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2294 {
2295 return drv->we_version_compiled;
2296 }
2297
2298
2299 const struct wpa_driver_ops wpa_driver_wext_ops = {
2300 .name = "wext",
2301 .desc = "Linux wireless extensions (generic)",
2302 .get_bssid = wpa_driver_wext_get_bssid,
2303 .get_ssid = wpa_driver_wext_get_ssid,
2304 .set_wpa = wpa_driver_wext_set_wpa,
2305 .set_key = wpa_driver_wext_set_key,
2306 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2307 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2308 .scan = wpa_driver_wext_scan,
2309 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2310 .deauthenticate = wpa_driver_wext_deauthenticate,
2311 .disassociate = wpa_driver_wext_disassociate,
2312 .set_mode = wpa_driver_wext_set_mode,
2313 .associate = wpa_driver_wext_associate,
2314 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2315 .init = wpa_driver_wext_init,
2316 .deinit = wpa_driver_wext_deinit,
2317 .add_pmkid = wpa_driver_wext_add_pmkid,
2318 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2319 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2320 .get_capa = wpa_driver_wext_get_capa,
2321 .set_operstate = wpa_driver_wext_set_operstate,
2322 };
Unnamed repository; edit this file 'description' to name the repository.